Nuke
Not to be confused with NukeJoke, a DOS virus.

Nuke is a ransomware Trojan that is used to take its victims' files hostage. Nuke demands the payment of a substantial ransom from the victim to return access to the victim's files. Nuke belongs to a large family of ransomware that is being used to carry out attacks on potential victims around the world.

Payloads

To take the victim's files hostage, Nuke encrypts them by using a strong encryption algorithm. Files that have been encrypted by Nuke can be identified because Nuke changes their names to random characters and adds the extension .0x5bm to the end of the file name. The original name is embedded in the final portion of the encrypted file. Files that have been encrypted by Nuke may become unrecoverable, making it quite difficult to deal with Nuke.

Whenever Nuke encrypts files, it drops files containing the ransom message associated with the Nuke Ransomware. The Nuke Ransomware drops both a text and an HTML file. These files are named '!!_RECOVERY_instructions_!!.html' and '!!_RECOVERY_instructions_!!.txt'. Below is the message contained inside these ransom note files:

!! Your files and documents on this computer have been encrypted !!

** What has happened to my files? **
Your important files on your computer; photos, documents, and videos have been encrypted. Your files were encrypted using AES and RSA encryption.

** What does this mean? **
File encryption was produced using a unique 256-bit key generated specifically for this machine. Encryption is a way of securing data and requires a special key to decipher. Unforunate for you, this special key was encrypted using an additional layer of encryption; RSA. Your files were encrypted using the public RSA key. To truly reverse the unfortunate state of your files, you need the private RSA key which is only known by us.

** What should I do next? **
For your information your private key is a paid product. If you really value your data we suggest you start acting fast because you only short amount of time to recover your files before they are gone forever. There are no solutions to this problem, and no anti-virus software can reverse the process of file encryption because we have also erased recent versions of your files which means you cannot use file recovery software. Modifying your files in any way can damage your files permenantly and we will no longer be able to help you. Follow our terms assigned to you below, and we will have your files recovered.

** Recovering your files **
- Send an email with the subject 'FILE RECOVERY' to opengates@india.com
- For a free test decrypt, send one small file which will decrypt free
- Wait for a response from us (up to 24-48 hours)
- We will send you further information regarding payment and full file decryption of your computer
- Receive file decryption software to decrypt every encrypted file on the hard drive
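The file-name indicators described under Payloads (the .0x5bm extension and the two ransom note names) can be turned into a quick triage scan of a suspect volume. The following is an added example, not part of the original article; the function names, the "high"/"medium" grading and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_EXT = ".0x5bm"
NOTE_NAMES = {"!!_recovery_instructions_!!.html", "!!_recovery_instructions_!!.txt"}


def scan_for_nuke_indicators(root):
    """Walk `root` and return {directory: {"encrypted": [...], "notes": [...]}}
    for every directory that holds at least one indicator."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif lower in NOTE_NAMES:
                hits[dirpath]["notes"].append(name)
    return dict(hits)


def triage(hits):
    """Grade each directory (hypothetical scheme): 'high' when a ransom note
    sits next to renamed files, 'medium' when only one indicator kind is seen."""
    return {
        d: "high" if h["encrypted"] and h["notes"] else "medium"
        for d, h in hits.items()
    }


def build_sample_tree(root):
    """Constructed sample data: empty files named like the indicators."""
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    clean = os.path.join(root, "Clean")
    for d in (docs, pics, clean):
        os.makedirs(d)
    for path in (
        os.path.join(docs, "k3Jq9xZp.0x5bm"),
        os.path.join(docs, "!!_RECOVERY_instructions_!!.txt"),
        os.path.join(pics, "Qw7LmN2a.0X5BM"),
        os.path.join(clean, "report.docx"),
    ):
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, grade in sorted(triage(scan_for_nuke_indicators(tmp)).items()):
            print(grade, directory)
```

The scan only reads file names, so it can be run against a read-only mount or forensic image without modifying the encrypted files.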